Additional information about phishing attack

The table below describes the structure of a JSON file that includes metadata about a phishing attack. You can download an archive containing the JSON file via Kaspersky Threat Intelligence Portal web interface or API method.

The described fields are optional and may be omitted in the JSON file if the relevant information is not available. Also, the JSON file may contain fields that are not described in the table.

JSON fields

Field	Description
`phishing_url`	Phishing web address.
`redirect`	Indicator that shows whether the phishing web address redirects to another web address (`true` or `false`).
`redirect_to`	Web address which the phishing web address redirects to.
`brand`	Name of the brand mentioned on the web page located at the phishing web address.
`first_seen`	Date and time when the phishing web address was first detected, specified in the UNIX time stamp system (number of seconds elapsed since 00:00:00 UTC, 1 January 1970). For a web address detected for the first time, the values of the `first_seen` and `last_seen` fields are the same.
`last_seen`	Date and time when the phishing web address was last detected, specified in the UNIX time stamp system (number of seconds elapsed since 00:00:00 UTC, 1 January 1970).
`popularity`	Phishing web address popularity index for the last three months.
`users_geo`	Top 10 countries from which Kaspersky users have accessed the phishing web address in the last three months.
`resolver_ips`	IP addresses to which the phishing web address resolves.
`stolen_data`	Types of stolen data.
`attack_type`	Type of attack.
`whoisinfo`	Section containing WHOIS information about an object.
`whois_object`	Name of an object for which WHOIS information is provided.
`main`	Section containing general information about the object specified in the `whois_object` field.
`changed`	Date of last information update about the domain or network in the registrar database.
`created`	Date of the domain or network registration.
`paidtill`	Date until which the domain registration is paid.
`handle`	Network ID, the unique descriptor assigned to the network by the registrar.
`ip-max`	Maximum value of the IP address range in the network.
`ip-min`	Minimum value of the IP address range in the network.
`nserver`	DNS server name.
`status`	Object status.
`country`	Country code.
`descr`	Description of a domain or network.
`name`	Network name, the unique descriptor assigned to the network by the registrar.
`source`	Data source.
`contacts`	Section containing contact information.
`person`	Name of the domain or network owner.
`organization`	Name of the organization that owns the domain or network.
`role`	Contact role (owner, admin, tech).
`address`	Address where the contact is registered.
`country`	Country in which the contact is registered.
`city`	City in which the contact is registered.
`changed`	Date when the contact information was last modified.
`created`	Contact registration date.
`email`	Contact email address.
`handle`	Contact ID, the unique descriptor assigned to the contact by the registrar.
`phone`	Contact phone number.
`fax`	Contact fax number.
`source`	Data source for the contact.
`descr`	Contact description.

Page top